Seiko has confirmed that the July 2023 data breach resulted from a ransomware attack and leaked personal information.
On August 10, 2023, the Japanese watchmaking giant stated that unknown threat actors compromised one of its servers on July 28, 2023, and potentially leaked “some information stored by our Company and/or our Group companies.”
“Seiko Group Corporation has confirmed that on July 28th of this year, the Company suffered a possible data breach. It appears that some as-yet-unidentified party or parties gained unauthorized access to at least one of our servers,” the company said.
On August 21, 2023, the Russian cybercrime group, the BlackCat/ALPHV ransomware gang, took responsibility for the attack and claimed to have exfiltrated 2 TB of data.
The stash allegedly included employee information, proprietary production information, meeting recordings in audio and video formats, emails, and copies of foreign visitors’ passports.
Additionally, the cyber group threatened to publish the stolen information online unless Seiko paid a ransom. BlackCat/ALPHV ransomware eventually leaked the stolen data after Seiko refused to pay the ransom.
Seiko’s data breach resulted from a ransomware attack
On August 22, 2023, Seiko confirmed that the data breach resulted from a ransomware attack and leaked personal identifiable information (PII) belonging to customers, business partners, employees, and job applicants.
“This unauthorized access was the result of a ransomware attack. Due to this incident, we have verified that certain information relating to our business partners and employees of the Seiko Group companies has been leaked,” said Seiko.
On October 25, 2023, Seiko published another update clarifying the nature of information stolen during the BlackCat ransomware attack.
“Following a comprehensive review by both the Company and cybersecurity experts, we confirmed that a total of approximately 60,000 items of personal data held by Seiko Group Corporation (SGC), Seiko Watch Corporation (SWC), and Seiko Instruments Inc. (SII) were compromised,” noted Seiko.
According to Seiko, the data breach leaked SWC customer information, including names, addresses, phone numbers, and/or email addresses. Similar data was leaked for SGC and/or SWC job applicants in addition to their educational background and names and contact information of current and former employees.
The data breach also exposed SGC, SWC, and/or SII business partners’ names, company affiliations, job titles, company addresses, company phone numbers, and/or email addresses.
However, the incident did not expose payment information such as credit cards or bank account information. Most companies do not collect or store that information and rely on third-party payment processors.
After determining the data breach source, Seiko responded by blocking external communication with compromised servers, installing Endpoint Detection and Response(EDR) systems on all servers and PCs to detect unauthorized activity and enabling multi-factor authentication to prevent illegal logins. Seiko did not disclosed the attack vector exploited, but experts suggest that BlackCat/ALPHV ransomware obtained access from an initial access broker.
Seiko promises to enhance security measures to prevent future data breaches
Meanwhile, the Japanese watchmaker assured its customers it would continue to review its IT systems and check for vulnerabilities, assess the scope of the data breach, and enhance security monitoring, in addition to other security measures to prevent future data breaches.
Commenting on the Seiko ransomware attack, Roger Grimes, a Data-Driven Defense Evangelist at KnowBe4, highlighted customers’ concerns about providing data to breached organizations.
“Customers may be able to forgive a single data breach, but to have continued faith in a company, they want to know that their data is better protected in the future,” said Grimes. “If a company can’t demonstrate that it’s doing a far better job in the future of holding and protecting my data, why should I allow them to have my data?”
Seiko also promised to contact the impacted individuals and respond to their personal concerns.
“We have begun reaching out to each of the affected parties individually, and if any further leaks are discovered, we will, to the best of our ability, continue to respond to each affected party on an individual basis,” said Seiko.
In the meantime, victims should avoid clicking on suspicious links or downloading attachments received via unsolicited emails from unknown senders.
“The recent ransomware attack on Seiko is a reminder of the substantial risks posed by ransomware groups to organizations,” said Alastair Williams, Vice President of Worldwide Systems Engineering at Skybox Security. “Apart from the business implications of this data breach, the attackers gained access to Personally Identifiable Information (PII) of customers, partners, and employees.”
Seiko’s update follows another data breach confirmation by the Japanese electronics giant Casio.